Major Microsoft security patch equals biggest ever

13 fixes, including one for a 17-year-old bug

Shares

Microsoft is planning a bumper Patch Tuesday tomorrow, with a total of 13 fixes. One of these will close a loophole that's existed since the days of DOS.

In a blog posting, Jerry Bryant, Microsoft Senior Security Communications Manager, announced the 13 fixes will address a total 26 vulnerabilities. Five of the patches are deemed critical, seven important, and one moderate. 11 affect Windows, with the remaining two covering Office.

Bryant stated: "We are not aware of any attacks on these vulnerabilities and continue to encourage customers to implement the mitigations and workarounds outlined in the advisories."

Old bugs

The old bug which is being fixed involves a utility that allows newer versions of Windows to run very old programs. It first appeared 17 years ago in Windows NT 3.1, and has been in every version of Windows since.

The vulnerability was discovered last month by Google security researcher Tavis Ormandy. He found the utility could be exploited in, XP, Vista, and Windows 7, as well as in Windows Servers 2003 and 2008.

Just last month Microsoft released and "out of band" patch for an Internet Explorer vulnerability that was believed to be the cause of the Google China hack. Last week yet another IE vulnerability was discovered that could let attackers view the files on a machine. Microsoft will get to grips with that one in the future, although there's no evidence that it's currently being exploited.